Date: Wed, 26 Sep 2001 14:29:25 -0600
From: Mike Porter <mupi@mknet.org>
To: freebsd-questions@freebsd.org
Subject: Re: dhcp & cable, @home (help me fight the MS monopoly)
Message-ID: <200109262029.f8QKTQH00642@c1828785-a.saltlk1.ut.home.com>
In-Reply-To: <20010926113441.B12931@acadia.ne.mediaone.net>
References: <3.0.5.32.20010926000700.007ad100@widomaker.com> <200109261325.f8QDPe922234@c1828785-a.saltlk1.ut.home.com> <20010926113441.B12931@acadia.ne.mediaone.net>

On Wednesday 26 September 2001 09:34 am, Louis LeBlanc, or someone very much like Louis LeBlanc, wrote:
> On 09/26/01 07:25 AM, Mike Porter sat at the `puter and typed:
>
> This seems the hard way. I am in the process (a long one,
> unfortunately) of switching from a RH6.2 system to a FreeBSD system on
> my cable modem with AT&T Broadband. The DHCP thing is one of my
> holdups. I know that with dhcpcd distributed with Linux (not pump)
> it is easy to get a script executed every time you get a lease/renewal
> from the server. Why wouldn't the FreeBSD dhcp client do the same
> thing? This would allow you to reset your firewall automatically.
>

It is only hard when they change my IP. Since they change my IP less than once a quarter, the time involved in learning the configuration format seems negligible. Also, there are some games I like to play under windows, so I find myself rebooting from time to time anyway, just to boot windows.

Also, you misunderstand the point of the firewall problem: merely resetting isn't difficult, and (I think?) it's supposed to happen in the default scripts, since it is configured through /etc/rc.conf. The problem is that I have added a bunch of the anti-spoofing rules from the ipfilter tutorial site, and THOSE won't change dynamically, even though I can change *my* ip dynamically. In fact, under ipfilter, I just have to run ipf -Y and it will reinitialize all the rules. The problem is that the only times my IP has changed, it has gone from a 24.x.x.x family to a 65.x.x.x family and back, which invalidates the anti-spoofing rules, since those operate on the 24.x.x.255 and 24.x.x.0 addresses if I am in a 24-family IP, but on 65.x.x.255 and .0 for the 65-family IPs. This means that the entire ruleset must be rewritten, not just a matter of flushing the tables and refreshing my own personal IP.

I suppose if I was really ambitious, it would be possible to write some perl or sed or awk that would strip the first three octets from my ifconfig data, and then supply a 255 and a 0, and restructure some of the other rules as well. And as previously noted, that could be tied to dhclient-exit-hooks. But my wife would object to the time spent. All I can say is, my way works well enough for me, for the time I have available to dedicate to the problem.

BTW, to reset your firewall, I think all you have to do, if you are using the default ipfw setup, is have dhclient-exit-hooks run /etc/rc.firewall restart. I thought it was supposed to be included in the default dhclient-script but perhaps I'm wrong about that.

mike
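
The rule regeneration the message describes (keep the first three octets of the leased address, append .0 and .255) can be sketched as a dhclient-exit-hooks helper. This is an added example, not code from the message or from FreeBSD; the function names, the /24 assumption, the output path and the exact rule wording are assumptions, since the mail does not show the actual rules.

```shell
#!/bin/sh
# Added example: rebuild the network/broadcast anti-spoofing rules for
# ipfilter from the address dhclient just obtained.
# Assumptions: a /24 netmask, hypothetical helper names, and a rule form
# of "block in log quick on IF from any to ADDR/32".

# valid_ipv4 ADDR: succeed only for a dotted quad with octets in 0..255.
# The lease comes from the network, so check it before it reaches a rule.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# antispoof_rules IFACE ADDR: print rules that drop inbound packets sent to
# the .0 and .255 addresses of ADDR's /24, whichever address family it is in.
antispoof_rules() {
    iface=$1
    addr=$2
    valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    case "$iface" in
        ""|*[!A-Za-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    prefix=${addr%.*}          # first three octets, e.g. 65.10.20
    printf 'block in log quick on %s from any to %s.0/32\n'   "$iface" "$prefix"
    printf 'block in log quick on %s from any to %s.255/32\n' "$iface" "$prefix"
}

# Intended use inside /etc/dhclient-exit-hooks, where dhclient-script has
# already set $reason, $interface and $new_ip_address
# (/etc/ipf.antispoof is a hypothetical file name):
#   case "$reason" in
#       BOUND|RENEW|REBIND|REBOOT)
#           antispoof_rules "$interface" "$new_ip_address" > /etc/ipf.antispoof ;;
#   esac
```

If the provider hands out a netmask other than /24, the .0 and .255 addresses are not the network and broadcast addresses and the prefix calculation has to use the leased mask instead.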